From 7bc8531da49ed4db1b98416be0b5959266dd19be Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sat, 13 Apr 2024 05:14:59 +0000 Subject: [PATCH] Prevent usage of uninitialized variable in `__archive_mkstemp` (#2121) Calling `__archive_mkstemp` can lead to access of an uninitialized variable in `__archive_mktempx`, because `temp_name` is only initialized if supplied `template` argument is `NULL`. If `template` is not `NULL`, it is eventually compared with `temp_name.s` anyway. The fix is simple: Always initialize `temp_name`, which merely sets values in the struct. No memory allocation occurs and the check leads to the expected result. How to reproduce: 1. Compile libarchive with Visual Studio 2022 and CMake's Debug profile 2. Run test `bsdtar_test_option_safe_writes` 3. A popup (Microsoft Visual C++ Runtime Library) appears, stating that variable temp_name is being used without being initialized --- libarchive/archive_util.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libarchive/archive_util.c b/libarchive/archive_util.c index 32d4bd409..7b918fef0 100644 --- a/libarchive/archive_util.c +++ b/libarchive/archive_util.c @@ -255,10 +255,9 @@ __archive_mktempx(const char *tmpdir, wchar_t *template) #endif fd = -1; ws = NULL; + archive_string_init(&temp_name); if (template == NULL) { - archive_string_init(&temp_name); - /* Get a temporary directory. */ if (tmpdir == NULL) { size_t l; -- 2.47.3